A change management policy is a formal process for making changes that’s been put into writing. The purpose of such a document is to ensure that everyone in your organization knows how to implement changes and has a set of rules they can always consult to make sure they’re in compliance.
It’s especially important for enterprise-level organizations to define and standardize procedures that could apply to hundreds or thousands of employees. When drafting one, make sure your change management policy clearly lays out the following components:

1. Purpose

Your document should begin by justifying its existence. In the “purpose” section, explain the reason for putting a change management policy in place.
The purpose of most policies is twofold: first, the document officially codifies change management expectations, processes, and procedures; second, having a public policy that’s easily referenced can ensure that all changes are implemented according to these processes.
There may be additional purposes to describe, as well. For example, a lot of change management policies are about making proposed changes to an organization’s IT systems. Usually, the purpose of these policies is to establish a procedure that minimizes the negative impact IT adjustments will have on services and customers.
The American University in Cairo’s change management policy for their information systems offers a good example.

Just two sentences long, this passage succinctly describes what the AUC’s policy is meant to accomplish and why it matters.

2. Scope

The next section of your change management policy should explain who and what the policy affects.
Start by listing all of the people the policy applies to inside your organization (and even outside, if vendors are also impacted). If all employees are meant to adhere, specify that “no employee is exempted from the policy.” If only a certain department or type of employee is affected, clearly define that group.
Next, specify which types of processes are included in the policy. Try to include an example of each process to make the policy easier to understand and less abstract.
For example, the digital workflow software provider Leading2Lean defines the scope of their change management policy as covering all changes to the production environment, including “any and all changes to the hardware, software or applications.” The document then goes on to cite examples of why such changes might be made, including user requests and hardware or software upgrades.

3. Policy

After some initial table-setting, it’s time to finally get to the “policy” part of your change management policy. The meat of the document is the section where you actually outline the specifics of your process.
Policy sections tend to be pretty long, since there are often lots of rules, exceptions, and tiny details that all need to be explicitly laid out. But at its essence, your policy description must include

  • a step-by-step description of the procedure for implementing changes,
  • identification of who is involved at each stage of the process, and
  • all applicable rules and requirements for each stage of the process.

The United States Postal Service’s change management policy for IT change requests (CR) explicitly details the full process for submitting, approving, and implementing all types of changes.

The policy section goes on to outline all of the requirements of the process, including impact analysis and risk analysis for all proposed changes.
Policy descriptions have a tendency to get long-winded, but that’s actually for the best. One of the primary purposes of a change management policy is to create a reference document that all employees can use to understand the process. If you oversimplify or abridge the policy description, it will no longer be useful. It’s good to use direct, straightforward language, but don’t skimp on the details, or the document won’t be of much help to anyone.

4. Additional Important Sections

Purpose, scope, and policy are the three essential components of any change management policy. However, some organizations find it necessary to add in some supporting sections that clarify or expand on the information already presented.
The three most common supplementary sections are Roles and Responsibilities, Definitions, and Supporting Documents.

Roles and responsibilities

This section outlines who does what and describes their titles, roles, and responsibilities in the change management process.
For example, Oregon State University’s change management policy thoroughly defines the roles and responsibilities of the Change Advisory Board (CAB), Manager, Change Authority, and Requestor. The Requestor is tasked with preparing requests for change (RFCs) for the Change Authority. The CA, in turn, is tasked with reviewing and approving RFCs for the Manager. The Manager is tasked with checking the feasibility of RFCs — which can’t move forward without an advisory review by the Change Advisory Board.


It can be helpful to include an alphabetized glossary of the terms you used throughout your change management policy. Having a “Definitions” section makes it easier for employees reading the document to figure out what some of the more technical terms mean.
It’s especially useful if you have an acronym-heavy policy. For example, Loyola University’s information technology–based change management policy defines a change request (CR) as “a documented request to modify the ITS infrastructure.” It also defines the ITS infrastructure as “the network, server, storage, database and solutions technologies managed by the Information Technology Services department.”

Supporting documents

If your change management policy references other company policies, processes, or procedures, it’s a good idea to include links to those documents, as well.
This is where it pays to have a comprehensive intranet for your organization. If you’re able to link to handbooks and guides that help explain or expand on some of the processes covered by your policy, employees will have all of the additional information they could need.
For example, the Postal Service’s change management policy has a “Supporting Documentation” section that links out to an information security handbook, a Technology Solution Life Cycle (TSLC) Policy, and more.

Use a Change Management Policy Template to Get Started

Ready to start writing? Download our Change Management Policy Template.docx and fill out each section according to your organization’s agreed-upon change management procedures.

Once you’ve finished writing and approving your change management policy, be sure to post it someplace where it’s visible to everyone affected. Whether that’s a company intranet or a public website, the document will be most effective if it’s easily accessible.

Get Enterprise-Level Buy-in For Your New Policy

Any organization that has change capacity will want to consider creating an official change management policy. But large enterprises should definitely draft one. When there are that many moving parts involved, it’s essential that everyone knows and follows the same procedures, lest hundreds of people come up with hundreds of different ways to do something.
Of course, size is also one of the great challenges of change management. Worried about making sure everyone is aware of and well-versed in your new policy? Get everyone onboard with the new way of doing things with the help from enterprise-level Digital Adoption Solutions like Whatfix, which guide employees through new, unfamiliar processes.

Related Articles